im running the lastest version of Kamikaze (well almost since [6182] broke iptables)
BusyBox v1.3.1 (2007-01-22 23:03:11 EST) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
KAMIKAZE (bleeding edge, r6181) -------------------
* 10 oz Vodka Shake well with ice and strain
* 10 oz Triple sec mixture into 10 shot glasses.
* 10 oz lime juice Salute!
---------------------------------------------------
root@OpenWrt:~#
I'm having to following issues:
1. pppd do not start on its own
root@OpenWrt:~# logread
Jan 1 00:00:20 (none) syslog.info syslogd started: BusyBox v1.3.1
Jan 1 00:00:20 (none) user.notice kernel: klogd started: BusyBox v1.3.1 (2007-01-22 23:03:11 EST)
Jan 1 00:00:20 (none) user.warn kernel: CPU revision is: 00029007
Jan 1 00:00:20 (none) user.warn kernel: Primary instruction cache 8kB, physically tagged, 2-way, linesize 16 bytes.
Jan 1 00:00:20 (none) user.warn kernel: Primary data cache 4kB, 2-way, linesize 16 bytes.
Jan 1 00:00:20 (none) user.warn kernel: Linux version 2.4.34 (weedy@kamo-chan) (gcc version 3.4.6 (OpenWrt-2.0)) #2 Mon Jan 22 23:17:36 EST 2007
Jan 1 00:00:20 (none) user.warn kernel: Determined physical RAM map:
Jan 1 00:00:20 (none) user.warn kernel: memory: 02000000 @ 00000000 (usable)
Jan 1 00:00:20 (none) user.warn kernel: On node 0 totalpages: 8192
Jan 1 00:00:20 (none) user.warn kernel: zone(0): 8192 pages.
Jan 1 00:00:20 (none) user.warn kernel: zone(1): 0 pages.
Jan 1 00:00:20 (none) user.warn kernel: zone(2): 0 pages.
Jan 1 00:00:20 (none) user.warn kernel: Kernel command line: root=/dev/mtdblock2 rootfstype=squashfs,jffs2 init=/etc/preinit noinitrd console=ttyS0,115200
Jan 1 00:00:20 (none) user.warn kernel: CPU: BCM4712 rev 1 at 216 MHz
Jan 1 00:00:20 (none) user.warn kernel: Using 108.000 MHz high precision timer.
Jan 1 00:00:20 (none) user.warn kernel: Calibrating delay loop... 212.17 BogoMIPS
Jan 1 00:00:20 (none) user.info kernel: Memory: 30420k/32768k available (1464k kernel code, 2348k reserved, 100k data, 92k init, 0k highmem)
Jan 1 00:00:20 (none) user.info kernel: Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
Jan 1 00:00:20 (none) user.info kernel: Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
Jan 1 00:00:20 (none) user.info kernel: Mount cache hash table entries: 512 (order: 0, 4096 bytes)
Jan 1 00:00:20 (none) user.info kernel: Buffer cache hash table entries: 1024 (order: 0, 4096 bytes)
Jan 1 00:00:20 (none) user.warn kernel: Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
Jan 1 00:00:20 (none) user.warn kernel: Checking for 'wait' instruction... unavailable.
Jan 1 00:00:20 (none) user.warn kernel: POSIX conformance testing by UNIFIX
Jan 1 00:00:20 (none) user.warn kernel: PCI: Disabled
Jan 1 00:00:20 (none) user.warn kernel: PCI: Fixing up bus 0
Jan 1 00:00:20 (none) user.info kernel: Linux NET4.0 for Linux 2.4
Jan 1 00:00:20 (none) user.info kernel: Based upon Swansea University Computer Society NET3.039
Jan 1 00:00:20 (none) user.warn kernel: Initializing RT netlink socket
Jan 1 00:00:20 (none) user.warn kernel: Starting kswapd
Jan 1 00:00:20 (none) user.warn kernel: Registering mini_fo version $Id$
Jan 1 00:00:20 (none) user.info kernel: devfs: v1.12c (20020818) Richard Gooch (rgooch@atnf.csiro.au)
Jan 1 00:00:20 (none) user.info kernel: devfs: boot_options: 0x1
Jan 1 00:00:20 (none) user.notice kernel: JFFS2 version 2.1. (C) 2001 Red Hat, Inc., designed by Axis Communications AB.
Jan 1 00:00:20 (none) user.info kernel: squashfs: version 3.0 (2006/03/15) Phillip Lougher
Jan 1 00:00:20 (none) user.warn kernel: pty: 256 Unix98 ptys configured
Jan 1 00:00:20 (none) user.info kernel: Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
Jan 1 00:00:20 (none) user.info kernel: ttyS00 at 0xb8000300 (irq = 3) is a 16550A
Jan 1 00:00:20 (none) user.info kernel: ttyS01 at 0xb8000400 (irq = 3) is a 16550A
Jan 1 00:00:20 (none) user.info kernel: b44.c:v0.93 (Mar, 2004)
Jan 1 00:00:20 (none) user.debug kernel: PCI: Setting latency timer of device 00:02.0 to 64
Jan 1 00:00:20 (none) user.info kernel: eth0: Broadcom 47xx 10/100BaseT Ethernet 00:13:10:07:ee:fc
Jan 1 00:00:20 (none) user.debug kernel: Physically mapped flash: Found an alias at 0x800000 for the chip at 0x0
Jan 1 00:00:20 (none) user.debug kernel: Physically mapped flash: Found an alias at 0x1000000 for the chip at 0x0
Jan 1 00:00:20 (none) user.debug kernel: Physically mapped flash: Found an alias at 0x1800000 for the chip at 0x0
Jan 1 00:00:20 (none) user.notice kernel: cfi_cmdset_0001: Erase suspend on write enabled
Jan 1 00:00:20 (none) user.debug kernel: 0: offset=0x0,size=0x20000,blocks=64
Jan 1 00:00:20 (none) user.warn kernel: Using buffer write method
Jan 1 00:00:20 (none) user.notice kernel: Flash device: 0x800000 at 0x1c000000
Jan 1 00:00:20 (none) user.notice kernel: bootloader size: 262144
Jan 1 00:00:20 (none) user.info kernel: Physically mapped flash: Filesystem type: squashfs, size=0x11c5f7
Jan 1 00:00:20 (none) user.notice kernel: Creating 5 MTD partitions on "Physically mapped flash":
Jan 1 00:00:20 (none) user.notice kernel: 0x00000000-0x00040000 : "cfe"
Jan 1 00:00:20 (none) user.notice kernel: 0x00040000-0x007e0000 : "linux"
Jan 1 00:00:20 (none) user.notice kernel: 0x000be000-0x001e0000 : "rootfs"
Jan 1 00:00:20 (none) user.warn kernel: mtd: partition "rootfs" doesn't start on an erase block boundary -- force read-only
Jan 1 00:00:20 (none) user.notice kernel: 0x007e0000-0x00800000 : "nvram"
Jan 1 00:00:20 (none) user.notice kernel: 0x001e0000-0x007e0000 : "OpenWrt"
Jan 1 00:00:20 (none) user.err kernel: sflash: found no supported devices
Jan 1 00:00:20 (none) user.info kernel: Initializing Cryptographic API
Jan 1 00:00:20 (none) user.info kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Jan 1 00:00:20 (none) user.info kernel: IP Protocols: ICMP, UDP, TCP, IGMP
Jan 1 00:00:20 (none) user.info kernel: IP: routing cache hash table of 512 buckets, 4Kbytes
Jan 1 00:00:20 (none) user.info kernel: TCP: Hash tables configured (established 2048 bind 4096)
Jan 1 00:00:20 (none) user.warn kernel: ip_conntrack version 2.1 (5953 buckets, 5953 max) - 360 bytes per conntrack
Jan 1 00:00:20 (none) user.warn kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jan 1 00:00:20 (none) user.info kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Jan 1 00:00:20 (none) user.info kernel: NET4: Ethernet Bridge 008 for NET4.0
Jan 1 00:00:20 (none) user.info kernel: 802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
Jan 1 00:00:20 (none) user.info kernel: All bugs added by David S. Miller <davem@redhat.com>
Jan 1 00:00:20 (none) user.warn kernel: VFS: Mounted root (squashfs filesystem) readonly.
Jan 1 00:00:20 (none) user.info kernel: Mounted devfs on /dev
Jan 1 00:00:20 (none) user.info kernel: Freeing unused kernel memory: 92k freed
Jan 1 00:00:20 (none) user.warn kernel: Algorithmics/MIPS FPU Emulator v1.5
Jan 1 00:00:20 (none) user.warn kernel: diag: Detected 'Linksys WRT54G/GS/GL'
Jan 1 00:00:20 (none) user.warn kernel: Probing device eth0: found!
Jan 1 00:00:20 (none) user.info kernel: b44: eth0: Link is up at 100 Mbps, full duplex.
Jan 1 00:00:20 (none) user.info kernel: b44: eth0: Flow control is off for TX and off for RX.
Jan 1 00:00:20 (none) user.info kernel: mini_fo: using base directory: /
Jan 1 00:00:20 (none) user.info kernel: mini_fo: using storage directory: /jffs
Jan 1 00:00:20 (none) user.warn kernel: jffs2.bbc: SIZE compression mode activated.
Jan 1 00:00:22 (none) user.info kernel: b44: eth0: Link is up at 100 Mbps, full duplex.
Jan 1 00:00:22 (none) user.info kernel: b44: eth0: Flow control is off for TX and off for RX.
Jan 1 00:00:23 (none) user.warn kernel: BFL_ENETADM not set in boardflags. Use force=1 to ignore.
Jan 1 00:00:24 (none) user.info kernel: eth0.0: dev_set_promiscuity(master, 1)
Jan 1 00:00:24 (none) user.info kernel: device eth0 entered promiscuous mode
Jan 1 00:00:24 (none) user.info kernel: device eth0.0 entered promiscuous mode
Jan 1 00:00:24 (none) user.info kernel: br-lan: port 1(eth0.0) entering learning state
Jan 1 00:00:25 (none) user.info kernel: br-lan: port 1(eth0.0) entering forwarding state
Jan 1 00:00:25 (none) user.info kernel: br-lan: topology change detected, propagating
Jan 1 00:00:25 (none) user.info kernel: CSLIP: code copyright 1989 Regents of the University of California
Jan 1 00:00:25 (none) user.info kernel: PPP generic driver version 2.4.2
Jan 1 00:00:26 (none) user.info kernel: br-lan: port 1(eth0.0) entering disabled state
Jan 1 00:00:26 (none) user.info kernel: br-lan: port 1(eth0.0) entering learning state
Jan 1 00:00:26 (none) user.info kernel: br-lan: port 1(eth0.0) entering forwarding state
Jan 1 00:00:26 (none) user.info kernel: br-lan: topology change detected, propagating
Jan 1 00:00:28 (none) user.debug kernel: PCI: Setting latency timer of device 00:01.0 to 64
Jan 1 00:00:28 (none) user.warn kernel: wl0: Broadcom BCM4320 802.11 Wireless Controller 4.80.53.0
Jan 1 00:00:28 (none) user.info : Warning: loading wl will taint the kernel: no license
Jan 1 00:00:28 (none) user.info : See http://www.tux.org/lkml/#export-tainted for information about tainted modules
Jan 1 00:00:29 (none) daemon.info pppd[387]: Plugin rp-pppoe.so loaded.
Jan 1 00:00:30 (none) user.info kernel: ipt_recent v0.3.1: Stephen Frost <sfrost@snowman.net>. http://snowman.net/projects/ipt_recent/
Jan 1 00:00:30 (none) user.info kernel: IPP2P v0.8.1_rc1 loading
Jan 1 00:00:30 (none) user.info kernel: imq driver loaded.
Jan 1 00:00:32 (none) user.warn kernel: ipt_time loading
Jan 1 00:00:33 (none) user.info : Could not load the ptable
Jan 1 00:00:33 (none) user.info : Could not load the ptable
Jan 1 00:00:34 (none) user.info kernel: device wl0 entered promiscuous mode
Jan 1 00:00:34 (none) user.info kernel: br-lan: port 2(wl0) entering learning state
Jan 1 00:00:34 (none) user.info kernel: br-lan: port 2(wl0) entering forwarding state
Jan 1 00:00:34 (none) user.info kernel: br-lan: topology change detected, propagating
Jan 1 00:00:38 (none) user.notice ez-ipupdate: ez-ipupdate Version 3.0.11b8
Jan 1 00:00:38 (none) user.notice ez-ipupdate: Copyright (C) 1998-2001 Angus Mackay
Jan 1 00:00:38 (none) user.notice ez-ipupdate: gethostbyname: Unknown host
Jan 1 00:00:38 (none) user.notice ez-ipupdate: error connecting to members.dyndns.org:80
Jan 1 00:00:43 (none) cron.notice crond[910]: crond 2.3.2 dillon, started, log level 8
Jan 1 00:00:44 (none) authpriv.info dropbear[923]: Running in background
Jan 1 00:00:48 (none) daemon.info dnsmasq[997]: started, version 2.35 cachesize 150
Jan 1 00:00:48 (none) daemon.info dnsmasq[997]: compile time options: IPv6 GNU-getopt ISC-leasefile no-DBus no-I18N
Jan 1 00:00:48 (none) daemon.info dnsmasq[997]: DHCP, IP range 192.168.1.100 -- 192.168.1.149, lease time 12h
Jan 1 00:00:48 (none) daemon.info dnsmasq[997]: using local addresses only for domain lan
Jan 1 00:00:48 (none) daemon.info dnsmasq[997]: reading /tmp/resolv.conf.auto
Jan 1 00:00:48 (none) daemon.info dnsmasq[997]: using nameserver 67.69.184.199#53
Jan 1 00:00:48 (none) daemon.info dnsmasq[997]: using nameserver 67.69.184.203#53
Jan 1 00:00:48 (none) daemon.info dnsmasq[997]: using local addresses only for domain lan
Jan 1 00:00:48 (none) daemon.info dnsmasq[997]: read /etc/hosts - 1 addresses
Jan 1 00:00:48 (none) daemon.info dnsmasq[997]: read /etc/ethers - 5 addresses
Jan 1 00:00:49 (none) authpriv.info dropbear[1005]: Child connection from 192.168.1.103:32984
Jan 1 00:00:52 (none) authpriv.warn dropbear[1005]: bad password attempt for 'root' from 192.168.1.103:32984
Jan 1 00:00:55 (none) authpriv.notice dropbear[1005]: password auth succeeded for 'root' from 192.168.1.103:32984
Jan 1 00:00:56 (none) daemon.info dnsmasq[997]: DHCPREQUEST(br-lan) 192.168.1.104 00:16:cf:11:e9:7c
Jan 1 00:00:56 (none) daemon.info dnsmasq[997]: DHCPACK(br-lan) 192.168.1.104 00:16:cf:11:e9:7c lappy-8ef5b40f5
i must manualy start it
Jan 1 00:01:55 (none) daemon.info pppd[1084]: Plugin rp-pppoe.so loaded.
Jan 1 00:01:55 (none) daemon.notice pppd[1085]: pppd 2.4.3 started by root, uid 0
Jan 1 00:01:55 (none) daemon.err pppd[1085]: Interface eth0.1 has MTU of 1492 -- should be 1500. You may have serious connection problems.
Jan 1 00:01:55 (none) daemon.debug pppd[1085]: PADS: Service-Name: ''
Jan 1 00:01:55 (none) daemon.info pppd[1085]: PPP session is 5036
Jan 1 00:01:55 (none) daemon.debug pppd[1085]: using channel 2
Jan 1 00:01:55 (none) daemon.info pppd[1085]: Using interface ppp0
Jan 1 00:01:55 (none) daemon.notice pppd[1085]: Connect: ppp0 <--> eth0.1
Jan 1 00:01:55 (none) daemon.warn pppd[1085]: Couldn't increase MTU to 1500
Jan 1 00:01:55 (none) daemon.warn pppd[1085]: Couldn't increase MRU to 1500
Jan 1 00:01:55 (none) daemon.debug pppd[1085]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0x6419a93c>]
Jan 1 00:01:55 (none) daemon.debug pppd[1085]: rcvd [LCP ConfReq id=0x6f <mru 1492> <auth pap> <magic 0x358b45be>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jan 1 00:01:55 (none) daemon.debug pppd[1085]: sent [LCP ConfAck id=0x6f <mru 1492> <auth pap> <magic 0x358b45be>]
Jan 1 00:01:55 (none) daemon.debug pppd[1085]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0x6419a93c>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jan 1 00:01:55 (none) daemon.debug pppd[1085]: sent [LCP EchoReq id=0x0 magic=0x6419a93c]
Jan 1 00:01:55 (none) daemon.debug pppd[1085]: sent [PAP AuthReq id=0x1 user="b1tvgv26" password=<hidden>]
Jan 1 00:01:55 (none) daemon.debug pppd[1085]: rcvd [LCP EchoRep id=0x0 magic=0x358b45be] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jan 1 00:01:56 (none) daemon.debug pppd[1085]: rcvd [PAP AuthAck id=0x1 ""] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...
Jan 1 00:01:56 (none) daemon.notice pppd[1085]: PAP authentication succeeded
Jan 1 00:01:56 (none) daemon.notice pppd[1085]: PAP authentication succeeded
Jan 1 00:01:56 (none) daemon.notice pppd[1085]: peer from calling number 00:90:1A:A0:A1:E9 authorized
Jan 1 00:01:56 (none) daemon.debug pppd[1085]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Jan 1 00:01:56 (none) daemon.debug pppd[1085]: rcvd [IPCP ConfNak id=0x1 <addr 65.92.121.148> <ms-dns1 67.69.184.203> <ms-dns3 67.69.184.199>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jan 1 00:01:56 (none) daemon.debug pppd[1085]: sent [IPCP ConfReq id=0x2 <addr 65.92.121.148> <ms-dns1 67.69.184.203> <ms-dns3 67.69.184.199>]
Jan 1 00:01:56 (none) daemon.debug pppd[1085]: rcvd [IPCP ConfReq id=0xc7 <addr 64.230.197.224>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jan 1 00:01:56 (none) daemon.debug pppd[1085]: sent [IPCP ConfAck id=0xc7 <addr 64.230.197.224>]
Jan 1 00:01:56 (none) daemon.debug pppd[1085]: rcvd [IPCP ConfAck id=0x2 <addr 65.92.121.148> <ms-dns1 67.69.184.203> <ms-dns3 67.69.184.199>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jan 1 00:01:56 (none) daemon.notice pppd[1085]: local IP address 65.92.121.148
Jan 1 00:01:56 (none) daemon.notice pppd[1085]: remote IP address 64.230.197.224
Jan 1 00:01:56 (none) daemon.notice pppd[1085]: primary DNS address 67.69.184.203
Jan 1 00:01:56 (none) daemon.notice pppd[1085]: secondary DNS address 67.69.184.199
Jan 1 00:01:56 (none) daemon.debug pppd[1085]: Script /etc/ppp/ip-up started (pid 1130)
Jan 1 00:01:57 (none) user.notice ez-ipupdate: ez-ipupdate Version 3.0.11b8
Jan 1 00:01:57 (none) user.notice ez-ipupdate: Copyright (C) 1998-2001 Angus Mackay
Jan 1 00:01:59 (none) daemon.info dnsmasq[997]: reading /tmp/resolv.conf.auto
Jan 1 00:01:59 (none) daemon.info dnsmasq[997]: using nameserver 67.69.184.199#53
Jan 1 00:01:59 (none) daemon.info dnsmasq[997]: using nameserver 67.69.184.203#53
Jan 1 00:01:59 (none) daemon.info dnsmasq[997]: using local addresses only for domain lan
Jan 1 00:02:00 (none) daemon.debug pppd[1085]: Script /etc/ppp/ip-up finished (pid 1130), status = 0x1
Jan 1 00:02:07 (none) user.notice ez-ipupdate: connected to members.dyndns.org (63.208.196.95) on port 80
Jan 23 08:53:45 (none) user.notice ez-ipupdate: request successful
Jan 23 08:53:48 (none) daemon.info pppd[1085]: System time change detected.
Jan 23 08:53:56 (none) authpriv.info dropbear[1285]: Child connection from 192.168.1.134:2103
Jan 23 08:54:02 (none) authpriv.notice dropbear[1285]: password auth succeeded for 'root' from 192.168.1.134:2103
Jan 23 08:54:39 (none) cron.warn crond[910]: time disparity of 3714292 minutes detected
2. Does snat work? this is my firewall.user
root@OpenWrt:~# cat /etc/firewall.user
#!/bin/sh
# Copyright (C) 2006 OpenWrt.org
. /etc/functions.sh # common functions
include /lib/network # include /lib/network/*.sh
scan_interfaces # read and parse the network config
PPPUP=$(ifconfig `config_get wan ifname` 2>&1 |grep "Device not found")
[ -n "$PPPUP" ] && exit
IP=$(ifconfig `config_get wan ifname` | grep 'inet addr' | awk '{print $2}' | cut -d':' -f 2)
LAN=$(config_get lan ifname)
iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule
# The following chains are for traffic directed at the IP of the
# WAN interface
iptables -F input_wan
iptables -F forwarding_wan
iptables -t nat -F prerouting_wan
### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
# iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
# iptables -A input_wan -p tcp --dport 22 -j ACCEPT
### Port forwarding
## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
# iptables -t nat -A prerouting_wan -p tcp --dport 8080 -j DNAT --to 192.168.1.2:80
# iptables -A forwarding_wan -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT
#tracker
iptables -t nat -A prerouting_wan -d $IP -p tcp -m multiport --dports 6966,8394,8395,8396 -j DNAT --to 192.168.1.102
iptables -A forwarding_wan -p tcp -m multiport --dports 6966,8394,8395,8396 -d 192.168.1.102 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.102 -m multiport --dports 6966,8394,8395,8396 -j SNAT --to- ource 192.168.1.1
#192.168.1.102
iptables -t nat -A prerouting_wan -d $IP -p tcp -m multiport --dports 22,80,443 -j DNAT --to 192.168.1.102
iptables -A forwarding_wan -p tcp -m multiport --dports 22,80,443 -d 192.168.1.102 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.102 -m multiport --dports 22,80,443 -j SNAT --to-source 192 168.1.1
#192.168.1.100
iptables -t nat -A prerouting_wan -p tcp -d $IP -m multiport --dports 6967,6968,8732 -j DNAT --to 192.168.1.100
iptables -A forwarding_wan -p tcp -m multiport --dports 6967,6968,8732 -d 192.168.1.100 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.100 -m multiport --dports 6967,6968,8732 -j SNAT --to-sourc 192.168.1.1
iptables -t nat -A prerouting_wan -p udp -d $IP -m multiport --dports 8733 -j DNAT --to 192.168.1.100
iptables -A forwarding_wan -p udp -m multiport --dports 8733 -d 192.168.1.100 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p udp -s 192.168.1.0/24 -d 192.168.1.100 -m multiport --dports 8733 -j SNAT --to-source 192.168. .1
iptables -t nat -A prerouting_wan -p tcp -d $IP --dport 9024:9044 -j DNAT --to 192.168.1.100
iptables -A forwarding_wan -p tcp --dport 9024:9044 -d 192.168.1.100 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.100 --dport 9024:9044 -j SNAT --to-source 192.168.1.1
#192.168.1.101
iptables -t nat -A prerouting_wan -p tcp -d $IP -m multiport --dports 65000 -j DNAT --to 192.168.1.101
iptables -A forwarding_wan -p tcp -m multiport --dports 65000 -d 192.168.1.101 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.101 -m multiport --dports 65000 -j SNAT --to-source 192.168 1.1
iptables -t nat -A prerouting_wan -p udp -d $IP -m multiport --dports 65000 -j DNAT --to 192.168.1.101
iptables -A forwarding_wan -p udp -m multiport --dports 65000 -d 192.168.1.101 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p udp -s 192.168.1.0/24 -d 192.168.1.101 -m multiport --dports 65000 -j SNAT --to-source 192.168 1.1
#192.168.1.103
iptables -t nat -A prerouting_wan -d $IP -p tcp -m multiport --dports 49680,49686 -j DNAT --to 192.168.1.103
iptables -A forwarding_wan -p tcp -m multiport --dports 49680,49686 -d 192.168.1.103 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.103 -m multiport --dports 49680,49686 -j SNAT --to-source 1 2.168.1.1
iptables -t nat -A prerouting_wan -d $IP -p udp -m multiport --dports 49680 -j DNAT --to 192.168.1.103
iptables -A forwarding_wan -p udp -m multiport --dports 49680 -d 192.168.1.103 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p udp -s 192.168.1.0/24 -d 192.168.1.103 -m multiport --dports 49680 -j SNAT --to-source 192.168 1.1
#192.168.1.104
iptables -t nat -A prerouting_wan -d $IP -p tcp -m multiport --dports 49685 -j DNAT --to 192.168.1.104
iptables -A forwarding_wan -p tcp -m multiport --dports 49685 -d 192.168.1.104 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.104 -m multiport --dports 49685 -j SNAT --to-source 192.168 1.1
iptables -t nat -A prerouting_wan -d $IP -p udp -m multiport --dports 49685,49687 -j DNAT --to 192.168.1.104
iptables -A forwarding_wan -p udp -m multiport --dports 49685,49687 -d 192.168.1.104 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p udp -s 192.168.1.0/24 -d 192.168.1.104 -m multiport --dports 49685,49687 -j SNAT --to-source 1 2.168.1.1
iptables -t nat -A prerouting_wan -d $IP -p tcp --dport 6891:6900 -j DNAT --to 192.168.1.104
iptables -A forwarding_wan -p tcp --dport 6891:6900 -d 192.168.1.104 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p tcp -s 192.168.1.0/24 -d 192.168.1.104 --dport 6891:6900 -j SNAT --to-source 192.168.1.1
iptables -t nat -A prerouting_wan -d $IP -p udp --dport 6891:6900 -j DNAT --to 192.168.1.104
iptables -A forwarding_wan -p udp --dport 6891:6900 -d 192.168.1.104 -j ACCEPT
iptables -t nat -A postrouting_rule -o $LAN -p udp -s 192.168.1.0/24 -d 192.168.1.104 --dport 6891:6900 -j SNAT --to-source 192.168.1.1
### DMZ
## -- Connections to ports not handled above will be forwarded to 192.168.1.2
# iptables -t nat -A prerouting_wan -j DNAT --to 192.168.1.2
# iptables -A forwarding_wan -d 192.168.1.2 -j ACCEPT
Thank you in advance.